Date: 22 December 2009
References: ESB-2009.1470 ESB-2009.1513 ESB-2010.0317
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.1668
Vulnerabilities identified in koffice
22 December 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: koffice
Publisher: Mandriva
Operating System: Mandriva Linux
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2009-3609 CVE-2009-3606
Reference: ESB-2009.1513
ESB-2009.1470
Comment: This advisory references vulnerabilities in products which run on
platforms other than Mandriva. It is recommended that administrators
running koffice check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:336
http://www.mandriva.com/security/
_______________________________________________________________________
Package : koffice
Date : December 17, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been discovered and fixed in pdf
processing code embedded in koffice package (CVE-2009-3606 and
CVE-2009-3609).
This update fixes these vulnerabilities.
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
Mandriva Linux 2008.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLKqD9mqjQ0CJFipgRAr8VAKCQS6a2whK9tC9m4aoGmNUMM3P26ACgyue+
UwD+FTPTViwBP2obIZwUBYQ=
=lSgW
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLMAK8NVH5XJJInbgRAqnGAJ4znesgJ8nalALDNG1VhcrQsVK15gCfR4KK
3RHhapKRdCgANuqXPd9EXag=
=UB8i
-----END PGP SIGNATURE-----